MISRA C++ rule 5-0-3 false positive warning


Problem description

My static analyzer is throwing the following warning:

MCPP Rule 5-0-3: This complex expression is implicitly converted to a different essential type

For the following code:

void func(const uint32_t arg)
{
    //32U has underlying type uint8_t
    const uint32_t u32a = arg % 32U; //warning issued in this line
    const uint32_t u32b = (arg % static_cast<uint32_t>(32U)); //same warning issued in this line
    const uint32_t u32c = static_cast<uint32_t>(arg % 32U); //compliant
}

According to MISRA underlying type conversion rules:

Otherwise, if both operands have integral type, the underlying type of the expression can be found using the following:

– If the types of the operands are the same size, and either is unsigned, the result is unsigned.

– Otherwise, the type of the result is that of the larger type.

I think this warning may be a false positive because, despite the 32U being a uint8_t, the expression should take the underlying type of the larger type, in this case the uint32_t, thus making the need for the static_cast unnecessary.

Do you agree this is a false positive? Or am I looking at it all wrong?

The MISRA standard states that:

The underlying type of an integer constant expression is therefore defined as follows:

  1. If the actual type of the expression is signed integral, the underlying type is defined as the smallest signed integer type that is capable of representing its value.

  2. If the actual type of the expression is unsigned integral, the underlying type is defined as the smallest unsigned integer type that is capable of representing its value.

  3. In all other circumstances, the underlying type of the expression is defined as being the same as its actual type.

No. 2 is the reason why I've to assume that 32U has the underlying type of uint8_t.

Recommended answer

You have found the relevant section. The type of the expression where the literal is located is unsigned, so the underlying type is the smallest one that can fit an unsigned value 32, meaning uint8_t. It would have the very same underlying type if the literal had been 32 without the U suffix (though that would violate other MISRA rules).

What MISRA is aiming for here is that in the specific expression uint32_t arg; ... arg % 32U there can never occur a dangerous implicit conversion. That being said, you can safely cast the literal to uint32_t and that should silence all warnings. Ensuring that there are no implicit type promotions in your code whatsoever is good programming practice, no matter what MISRA says/doesn't say.

If the purpose of the static analyser is just to check for implicit promotions in general, then the warning is fine. If the purpose of your static analyser is to check for MISRA compliance, then it is a false positive.

The line arg % static_cast<uint32_t>(32U) should never yield any form of diagnostic, regardless of the purpose of the tool. That is certainly a false positive.
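
The underlying-type rules quoted in the question, worked through for arg % 32U as an added example (not code from the question, the answer, or any analyzer). UType and all function names are hypothetical, and only unsigned constants and the two quoted binary-operand rules are modelled.

```cpp
#include <cstdint>
#include <cstdio>

// Added illustration: UType and the helpers below are hypothetical names,
// not part of MISRA C++ or of any static analysis tool.
struct UType {
    bool is_signed;
    unsigned bits;
};

constexpr UType U8{false, 8};
constexpr UType U16{false, 16};
constexpr UType U32{false, 32};
constexpr UType U64{false, 64};

constexpr bool same_type(UType a, UType b) {
    return a.is_signed == b.is_signed && a.bits == b.bits;
}

// Unsigned integer constant expression: the smallest unsigned type
// capable of representing the value (item 2 of the quoted list).
constexpr UType underlying_of_unsigned_constant(std::uint64_t v) {
    return v <= 0xFFu ? U8 : v <= 0xFFFFu ? U16 : v <= 0xFFFFFFFFu ? U32 : U64;
}

// Binary expression with two integral operands:
//  - same size and either operand unsigned -> unsigned type of that size
//  - otherwise                             -> the larger operand type
constexpr UType underlying_of_binary(UType lhs, UType rhs) {
    return lhs.bits == rhs.bits
        ? UType{lhs.is_signed && rhs.is_signed, lhs.bits}
        : (lhs.bits > rhs.bits ? lhs : rhs);
}

// The diagnostic concerns an implicit conversion to a different underlying type.
constexpr bool implicit_conversion_changes_type(UType expr, UType target) {
    return !same_type(expr, target);
}

// The page's case: const uint32_t u32a = arg % 32U;
constexpr UType kLiteral32U = underlying_of_unsigned_constant(32U);
constexpr UType kArgMod32U = underlying_of_binary(U32, kLiteral32U);
static_assert(same_type(kLiteral32U, U8), "32U has underlying type uint8_t");
static_assert(!implicit_conversion_changes_type(kArgMod32U, U32),
              "arg % 32U already has underlying type uint32_t");

int main() {
    std::printf("arg %% 32U: %u-bit unsigned\n", kArgMod32U.bits);
    return 0;
}
```
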
